Internet of Things

[brucewarren]

Anyone remember the film "War Games?"

Silly film in many ways, but it seems to me that people took from it the wrong message.

The true message isn't "The only winning move ..." The true message is DON'T CONNECT ALL YOUR SHIT TO DA INTERWEBZ YOU IDIOTS !!!

Seriously, if some numpty hadn't connected the WOPA to the public phone network in the first place the film would have been a lot shorter.

Also, it's been known for some time that the Internet of Things has practically no security on it because it simply never occurred to the people behind it to bother. It should have done of course, but the stupidity of humans will always win out

[felter]

Also, it's been known for some time that the Internet of Things has practically no security on it because it simply never occurred to the people behind it to bother. It should have done of course, but the stupidity of humans will always win out

You are right, they have known for some time about the security issues with IOT devices. It's not that they couldn't be bothered about it either, nope it's all about the money. They see these devices as having a lifespan of 18 Months, and for them to make them secure would cost them a lot of money, so why spend lots of money on something that will be obsolete soon any way, so they don't bother.

I was at a presentation with one of the top guys from the BCS, I raised this issue and warned them that this was going to happen, as these devices had next to no security, even they didn't seem too worried about it at the time. So with them I would say it is not the issue of greed, for them it is stupidity. Then again we don't know what either the BCS or IEEE have said to governments, warning them about this issue. It was also a main part of our presentation for our degree, that right at the end I said that the IEEE and the BCS needed to do something about this issue.

Governments don't do anything until something happens that raises the issue to the public. I do know one or two people that advises both the UK and Scottish governments on anything to do with computer security, and I know they will have mentioned this issue to them before, so for them to haven ignored it is just ignorance and stupidity on their part. The things that governments are really worried about when it comes to computer security is encryption, and to them it is not the lack of encryption, they actually want to stop it because they can't read what has been encrypted.

I bet that all the security services have at some point hacked into IOT cameras and used them to spy on someone. They probably love that these devices lack security, and they probably do not want that to change. So in one ear you have people like me saying to governments and institutions secure these devices, and in the other you will have the CIA and GCHQ saying, leave them as they are we can use them to our advantage. I'm a nobody, while they say they are protecting the country and work for our governments, who do you think the government is going to listen to. So in the end is it stupidity, greed, ignorance or is it, we like it the way it is.

[Morkonan]

....So with them I would say it is not the issue of greed, for them it is stupidity. Then again we don't know what either the BCS or IEEE have said to governments, warning them about this issue. ....

so for them to haven ignored it is just ignorance and stupidity on their part. The things that governments are really worried about when it comes to computer security is encryption, and to them it is not the lack of encryption, they actually want to stop it because they can't read what has been encrypted.

I bet that all the security services have at some point hacked into IOT cameras and used them to spy on someone. They probably love that these devices lack security, and they probably do not want that to change. So in one ear you have people like me saying to governments and institutions secure these devices, and in the other you will have the CIA and GCHQ saying, leave them as they are we can use them to our advantage. I'm a nobody, while they say they are protecting the country and work for our governments, who do you think the government is going to listen to. So in the end is it stupidity, greed, ignorance or is it, we like it the way it is.

I think you've touched on a nerve, here.

I don't think that they would ignore the problem simply because they wanted to attach to these devices for security/spying work. However, I do think that there is a "theme" that is prevalent in the administrations of security agencies that has helped to fuel their attitude:

"More and better civilian information security measures mean bad things for us."

That attitude, it seems, is pervasive. It appears to be a underlying theme behind a great deal of rhetoric and, perhaps, a great deal of decision-making, behind the scenes.

Imagine working in an environment where that was the major theme-flavor of the month. Every discussion and meeting is focused on "civilian information security is a threat to national security." Every_Single_One.

So, when Mattel say's its going to make a new Happy Junior Parent Cam so Parents can monitor their baby in it's crib with a live video feed and someone suggests they should first be sure their device can't easily be hacked by making it "more secure", what's the knee-jerk reaction of security agencies going to be? Are they going to enthusiastically recommend some form of good security standards are implemented? Or, are they going to stay quiet, just so they can do something, in some small way, to help make the trouble they see in civilian information security... go away?

We can test this idea, thanks to recent events.

Watch the news. Watch legislation. Watch what security and communications regulatory officials say. If they don't rush to the cameras to speak about new legislation that makes these devices more secure... Well, then you'll know they've become so focused on this issue that they have left the path of wisdom and, perhaps, have left the path of "public interest" by walking into some dismal, dark, wood of "government interests."

It's not that they want to spy on junior in his crib. It's that they've got huge anti-civilian-information-security-and-encryption blinders on. It doesn't matter if one wanted to secure a coffee-maker, they'll be against it on principle, alone.

[brucewarren]

There is already legislation about this sort of thing though.

There are (at least) two requirements that need to be adhered to (in the UK at least. I can't speak for the Land of the Free) before you can start collecting data on people.

Requirement the first is that you have to actually need it. If you're a doctor the patient's blood type would be something you'd be allowed to store. If you're a bank it's something you would not be allowed to store. By the same token a doctor's practice would not be allowed to collect the sort of financial stuff a bank would need.

Requirement the second is that of data security. Companies are legally required to take reasonable steps against electronic intruders and theft of personal data.

[felter]

There is already legislation about this sort of thing though.

There are (at least) two requirements that need to be adhered to (in the UK at least. I can't speak for the Land of the Free) before you can start collecting data on people.

Requirement the first is that you have to actually need it. If you're a doctor the patient's blood type would be something you'd be allowed to store. If you're a bank it's something you would not be allowed to store. By the same token a doctor's practice would not be allowed to collect the sort of financial stuff a bank would need.

Requirement the second is that of data security. Companies are legally required to take reasonable steps against electronic intruders and theft of personal data.

What happens when that company does not come from the UK, I would have said EU but soon those laws wont cover us.

I was at a seminar on IOT device security, and one of the guys doing a presentation, a Welsh security company (can't remember their name). One of the IOT devices they did a check on was a so called smart watch, as they were the new thing then. It was a cheep watch that they bought from Amazon, made in China by a Chinese company based in China. They discovered that this watch sent everything back to a server in China, not just sent it but sent it unencrypted. This means if someone was daft enough to use this smart watch to do some online banking, using this watch they sent all their bank details back to China unencrypted. The Chinese company was not breaking any law, as they are not a UK company, they had no staff in the UK and had not agreed to the UK data protection act, as they do not have to.

Most companies do not collect data from these devices, for example: with a camera they are not collecting the video stream and it's the owner who is streaming their own data, so they don't come under the data protection. Some things do, another example: Samsung smart TV, and they were breaking data laws with this to start with, and when they go caught they got a slap on the back of the hand and told to behave themselves. How many companies have been hacked into and lost their customers data (you may be surprised), and how many of them have been prosecuted for it, most of them were breaking the data protection act and none of them get prosecuted for it. The problem is with outsiders hacking into those devices, and they don't exactly care about the data protection. As for the security services, they can do what ever they want to and our governments are giving them the permission to do so, it's why they hate encryption and VPNs, but love the snoopers charter.

[Morkonan]

There is already legislation about this sort of thing though.

There are (at least) two requirements that need to be adhered to (in the UK at least. I can't speak for the Land of the Free) before you can start collecting data on people.

Requirement the first is that you have to actually need it....

Requirement the second is that of data security....

The U.S. has similar laws. However, as felter has pointed out, these companies are not in possession of this data nor are they trying to collect it. Therefore, they don't come under any of these sorts of privacy laws/restrictions because they're simply not applicable.

At best, they take "reasonable" precautions to create products that do not purposefully expose their customers to privacy violations and hackers. As we have seen, these precautions, when present, are likely not enough.

That isn't to say that manufacturers must protect consumers from themselves. But, they could engineer products that made it either easier or even necessary for customers to take minimal steps to secure the devices.

[red assassin]

First rule of security: security is hard.
Corollary to rule 1: security is expensive. [1]

Second rule of security: no security is perfect.

Third rule of security: what was secure yesterday is not secure today.


The above factors make security astoundingly hard to legislate for. You can't be prescriptive about what security measures should be taken, because they'll be out of date by the time your law is passed, never mind by the time anyone gets around to updating the law. But you can't just say "your security mustn't suck", because that's far too vague to be enforceable. [2]

Therefore, legislation is not going to fix IoT security.

Market forces aren't going to fix matters either, because people, on the whole, just don't care enough to pay extra for security.

And even if, by some miracle, the security level does start to improve and your typical device at launch isn't hilariously vulnerable, sooner or later it's going to go out of support for one reason or another, and then by rule three it ends up vulnerable again.


Conclusion: IoT insecurity is here to stay.


[1] I don't just mean directly financially, either.
[2] Also, as mentioned above, most of this stuff is crap flooding in from China, and the legal regime, volume of types of device, and fluidity of manufacturing companies conspire to make legislation unenforceable and import controls unfeasibly labour-intensive.

[Morkonan]

...Therefore, legislation is not going to fix IoT security.

Market forces aren't going to fix matters either, because people, on the whole, just don't care enough to pay extra for security.

And even if, by some miracle, the security level does start to improve and your typical device at launch isn't hilariously vulnerable, sooner or later it's going to go out of support for one reason or another, and then by rule three it ends up vulnerable again.

Conclusion: IoT insecurity is here to stay....

Absolutely.

Legislation can't dictate or enforce something as amorphous as "communication security" in the private/public sector. (It doesn't even work very well for government agencies, either.)

These devices are, after all, designed to communicate. A perfectly secure device of this type would be functionally broken... (ie: HIWH Security Protocol. (Hit It With a Hammer))

However, I don't think the idea is that government legislation must come up with a foolproof method or protection for security nor should it be relied upon in that way. But, that doesn't mean that the industry can't, itself, adopt certain protocols that should be followed which are known to enhance security and apply these to IoT devices. There are many industry initiatives that can serve as good examples of cooperation between independent businesses. As instances of this sort start to become more frequent, which they will, and more publicized, which they will, consumers will start to understand, at least, that something is going on that they should probably pay attention to.

The issue is, of course, getting this sort of information to the consumer in a way that they can understand. Operator Error is the main cause of internet insecurity. That's going to translate directly to anything that has to do with communication that doesn't involve paper and a stamp. (Snail mail isn't free of this, either... so sad.)

[mrbadger]

If you make it so shops can only sell IOT devices that have been certified as safe (brief pause while I scoff at that whole concept), you'd get a price hike on such certified options, leaving the way clear for floods of non certified devices at a lower price point.
Many people would simply buy those and not care.

They can't stop Chinese sellers on Amazon stating in all caps that their fake products are really 100% genuine Apple products.
Supermarkets only need to let a chicken see real daylight for 5 minutes a day to be able to legally sell their eggs as 'Free Range'. Anyone who eats real free range eggs will know how stupid this is.

The Gluten Free fad has meant Supermarkets can sell massively processed foods as somehow magically healthy now because they have removed a single ingredient that most people aren't even really having a problem with.

Mis-labeling is mainstream now, and the strange thing is people don't seem to really care.

[Morkonan]

If you make it so shops can only sell IOT devices that have been certified as safe (brief pause while I scoff at that whole concept), you'd get a price hike on such certified options, leaving the way clear for floods of non certified devices at a lower price point.
Many people would simply buy those and not care...

That is true... at first.

...Mis-labeling is mainstream now, and the strange thing is people don't seem to really care.

Not everything that is labeled as "mainstream" lasts. After all, yoga pants are on the decline. (What a shame. Except in certain cases.) What about the "Gluten" fad? The rabid pace that some wanna-be-edgy people run takes them through these things pretty quickly. (Side-note: Beautiful woman, ate dinner with her, she wouldn't shut up about how much she loved her gluten-free diet and how healthy it made her. Asked her if she wasn't tolerant of glutens, but she said "No, it's just because it's much healthier for you in general, since glutens are bad..." Didn't go out with her again. Kind of a shame, really. ) While some people are still turning to worship their gluten-free gods, more information is starting to trickle into the "mainstream." IMO, it won't be long until "gluten free" goes the way of the "magic crystal" - Only a few kooks will hold on to it, needlessly. On the upside, though, it has encouraged people to re-evaluate their diets.

Private industry innovates before public legislation. That doesn't seem right, does it? By-and-large, though, that's the way it occurs. After all, who's going to prove to elected officials that there is a better way if they don't already have a "better way tool" sitting in their tool-box?

Here's an example: https://www.dli.mn.gov/ccld/PDF/eli_bul ... istory.pdf (Some History of Residential Wiring Practices in the U.S. )

In all of these cases, that I can remember reading, the materials being used already existed before the legislation that required them did. And, it wasn't because some company forced some elected official to push the legislation through. In many cases, these switches, wires and materials were adopted beforehand and already in the marketplace.

So, let's hypotheticalize this with some wild guesses - The presence of IoT devices becomes more commonplace in homes. That's pretty much an agreed upon point, right? OK, so, if this evolves as you say it will, which I don't doubt it will in the early emerging market, then what? Well, it's obvious that more of these devices will be compromised and more innovative, nefarious, uses will be devised for them. Then what? When home-owners get calls and emails about their home being used in an internet attack or they get a knock on the door from the Party Van and are handed a search warrant request, then what?

As these devices become more common, the frequency of illicit use will also increase if the devices remain easily breached. And, if those instances are discovered (important point), reports will increase and public concern will also increase. (Even with people that don't even have them... )

Then what? Naturally, just like in the jungle, the industry will respond, both for their own internal reasons, like seeking "a better way", and for external reasons, like making their products more competitive. In this case, competition will be based on the concerns of the consumer - Security.

But, it doesn't have to be a perpetual game of leap-frog and that's why I'm bringing it up. It is possible for private industry to act on a foreseeable problem or in response to innovation BEFORE legislation requires it. There are many industries that have organizations within them that come together to help solve common problems relating to workplace safety, environmental issues, transport, terrorism, etc that aren't just excuses to raise prices or charge for needless services.

Which company wants to be in front when the next "mainstream" wave of IoT Security Concerns hits the public? It's going to happen, right? Don't you think companies are already looking at ways to improve the security of their devices if for no other reason than to be able to advertise it on the box? They are.

[mrbadger]

you are very much not wrong.

In another related area we had a guy come to present their research into an Internet of Things type of setup for cars, where clusters of cars were established for information sharing, and re-ordered dynamically (cars being things that move...)
Kind cool I guess, but the thing is they were mostly going on about how it would be kept secure, coolness aside, that seemed to be a big point.

So in that respect it re-enforces your point, the industry is adjusting to consider security first

[Morkonan]

...So in that respect it re-enforces your point, the industry is adjusting to consider security first

While this is a good example of industrial innovation targeted towards consumers, it may not be a good example of IoT consumer safety considerations.

I do share your pessimism when it comes to the emerging, early, stages of IoT device bloom. I just feel it will be most prevalent in the early market, getting "naturally selected for" as the market grows.

John Podesta is the chairman of the Hillary Clinton Presidential Campaign and the leader of the spearhead to get her elected.

He used the same password for everything he did.

(Read that sentence over, three times.)

Email, phone, Twitter, whatever else this guy had to use a password for, he used the same one. Derpity derp derp... cruisin' through the e-verse, haters be hatin', I'm Runner4567 and I be baitin'... (I apologize...)

As a result, his foible has cracked open another political crapstorm and that will probably have life-long consequences for him, personally, if not for a great many other people.

An automobile is a very large dangerous thing that people still don't respect enough. But, they respect enough of it to be really scared of someone hijacking it, increasing the throttle, changing the A.C., switching the radio-station... In other words, it's a recognizable threat. They've seen car accidents and it's likely they've been in one or three - They know the consequences of failure. They can visualize the consequences of the worst sort of breach. (Maybe not the more sneaky, nefarious ones, though.)

IoT is new and people are still ignorant when it comes down to basic cyber-security. Even those who aren't so ignorant may not see lightbulbs as an operational security issue. These are the same sorts who don't mind if they have to login with personal information to access an online recipe-book or get a driver download. They're the same ones that don't care if Google is searching the content of their emails. They like giving all their personal information to some crap-page on the 'net so it can "select things they might like" for them... They're the same sorts that refute worries concerning nation-states spying on their own citizens with "If you have nothing to hide, you have nothing to fear." After all, what's the worst that could happen, right? The lightbulb/washing machine/refrigerator will just burn out or it'll be something just as innocuous. Annoying, but certainly not devastating... right? I have nothing to hide from my washing-machine, why did it forsake me?!

Many people don't even use the auto-lock on their smartphones... still.

Public Scrutiny, the threat of lawsuits, the obvious government oversight already established in the automobile industry at large has helped to fuel what you probably observed - Industry acting proactively in a very conspicuous way. Some of that will happen with IoT. There will be security, of some sort, that makes it way into IoT through industrial innovation and market forces at the outset.

People don't sue light-bulb manufacturers. They do sue automobile manufacturers. But, now, the threat that household appliances represent to the consumer has grown with the arrival of IoT and I don't think that many consumers are going to be avoid "operator error" or "operator complacency", simply because they don't understand the possible threats and the personal impact they could have. (Use the same passcode for your lighting manager app as you do for your bank-card PIN, your smartphone, your home security passcode.... And you, too, could be the chairman for the election campaign for the candidate to the most powerful office in the land...)

That's why I think industry needs to get ahead of that issue, perhaps with government urging or even government funding.

[Mightysword]

An automobile is a very large dangerous thing that people still don't respect enough. But, they respect enough of it to be really scared of someone hijacking it, increasing the throttle, changing the A.C., switching the radio-station... In other words, it's a recognizable threat.

People are still very casual about it even though they know it's a threat. IMO if and when someone hack a car to cause scare Grandma for the lolz. It could be real terrorist doing something on the highway that would involved hundred of cars. How many time we see reports of because one car go wrong followed by mile of destruction on the highway? Technically the mean for something like that to happens already exists since some expert had already did a concept proof, all it waiting is the right condition and someone to put a plan to try. Should we wait until something like that happens to take it more seriously?

IoT is new and people are still ignorant when it comes down to basic cyber-security. Even those who aren't so ignorant may not see lightbulbs as an operational security issue.

It's the samething back to the emergence of social media. I remember the time when Facebook was picking up steam, I was finishing one of my last class for my undergrat decree, a class about Cyber-Ethic. Maybe because of the timing but I have been largely stay away from social media with a 10 foot poles. But basically, I kept telling all of my colleagues (from other disciplines who were in love with facebook): look, story space, bandwidth costs something to maintain, they don't give you all that to post whatever you want and save your picture for nothing. It's not "free". In fact 10 years ago when people keep nagging and ask why I don't get on social media, I told them because I'm a student in Computer Science I'm not going anywhere near it, call it professional paranoid.

Then in the following years during my graduated years as I followed all the drama, lawsuits about privacy around facebook (some involves my former colleagues) ... I didn't really feel anything against Facebook, but rather I wonder "how ignorant can people really be?"

[mrbadger]

My mum, who was a senior social worker for many years, has (I think still has), a loft packed with documents that she needed to keep related to her caseload, even though she's retired.

She had a stroke two years back, and my wife and I had to go sort out bank details and such.
I found passwords written down everywhere, for everything from banking and shopping to work stuff. Not ideal. I think it took a few days to search out everything. If she'd been burgled they would have had her life in their control, and had they looked, enough records to probably do the same for many more people.

It worries me. Ok she's just one person, but this password based security system we have is an unbelievably huge security risk.

My somewhat useless sister has taken over the sorting her out thing and no doubt has done nothing about the loft full of records.

I'm a CS lecturer, I think I understand the security landscape, but I've been hacked a few times. Enough to know identical passwords are a terrible idea.

But so are multiple different passwords, since you end up writing them down, or many do.

I don't, which means many reset password clicks for me

[Morkonan]

People are still very casual about it even though they know it's a threat. ...Should we wait until something like that happens to take it more seriously?

We often do, unfortunately. We're a species that's really good about creating cures, but we generally suck when it comes down to prevention.

It's the samething back to the emergence of social media. ..In fact 10 years ago when people keep nagging and ask why I don't get on social media, I told them because I'm a student in Computer Science I'm not going anywhere near it, call it professional paranoid.

I have friends who are professionals in I.T. They laugh at me whenever the subject comes up. If I make a point, they shrug.

I'm not paranoid, just cautious and I don't like the way personal information is treated by all social media outlets and many commercial companies. I don't think "I" should be sold, back and forth, tracked by everyone, targeted because of my interests or online habits or monitored by my government if I have done nothing wrong.

I do not wish to participate in an environment where personal information is considered currency.

...It worries me. Ok she's just one person, but this password based security system we have is an unbelievably huge security risk.

The most convenient protections are often easily overcome. ie: The heavily barred gate is the weakest defense in a wall.

I'm in favor of two-factor authentication for everything. Honestly, I wouldn't mind seeing a good third-party authentication system, but I think that could be horribly abused and could run the risk of being even more dangerous.

Instead of the dongles of the past, everyone uses smartphone apps these days for two-party authentication. My phone is.. intellectually challenged in that regard. (It's "special" and has limited app capacity, which is fine by me.) I have a fingerprint reader on my laptop, but, in the end, that's just "data" and using biometrics online has issues just like any other authentication scheme.

When quantum authentication/encryption becomes possible... I wonder how governments are going to react to that and if they'll "let us" use them.

I don't, which means many reset password clicks for me

^--- This. I won't go into my own password schemes, for obvious reasons, but I don't write them down, either, and they're not friggin simple... which means I have to reset them fairly regularly for some infrequently visited sites.

Pro-tip!: One way to help you remember new passwords (or anything else, for that matter) is object placement/identification/association. Take an object on your desk and move it to another location on your desk. (The more unusual the better.) Or, for a digital way, create a small graphic or edit a small picture and store it in a location that you can associate with what you wish to remember. Look at this object/picture from time to time and associate its relevance with whatever it is you wish to remember. Eventually, recalling any part of the association, even the imagery of remembering the object/picture, will help you recall the rest of the information associated with it. (Physical objects work best, though. It's what we're used to. Doodling with a pen/paper can work as well.)

It's like leaving the writing down your shopping list and leaving it by the door so you'll "remember" to go shopping for certain items. If you forget about it and then happen to see the shopping list, or to recall it, you'll remember a good many items on that list without having to read it.

I have a small tube of lip balm standing next to my monitor, right now, so that I can remember something important. Eventually, I can remove it and the simple act of recalling it and its placement will help me remember the details.

But, if I wanted to remember all my passwords perfectly, I'd need... fifty-eleven tubes of lip-balm scattered all over my desk...

[mrbadger]

I don't wish to know what you get up to with lip balm on your computer desk.......

I have a similar scheme I suppose, but no physical objects remain to tip off anyone else.

My iCloud account got hacked a few weeks back, not entirely sure how, but since it isn't a password I use anywhere else, and nothing important is stored in icloud I wasn't worried.
Bit of a pointless effort really, I store nothing important/risky to me on the cloud.

[Morkonan]

I don't wish to know what you get up to with lip balm on your computer desk.......

...

RESEARCH!

I have a similar scheme I suppose, but no physical objects remain to tip off anyone else.

There is no pattern at all. And, for this sort of recall, there doesn't have to be. The simple "special" association of a thought or a memory with an object, further enhanced by manipulation, something that is in frequent sight to prompt recall, is what does it. It's like recalling memories when one smells a certain fragrance of perfume, or any other smell, except... different.

My iCloud account got hacked a few weeks back, not entirely sure how, but since it isn't a password I use anywhere else, and nothing important is stored in icloud I wasn't worried.
Bit of a pointless effort really, I store nothing important/risky to me on the cloud.

/same I also store nothing personal in emails, either online or local. Anything with uniquely identifiable information gets transferred & deleted. That's not from any paranoia, it's just an old habit.

Another tip, for anyone, really - Junk-email-specific addresses for commercial sign-ups, etc. For instance - Morkjunk@thisisntarealemailaddress.com. Signup for the website once, never have to deal with their spam. (Just don't "link" junk email accounts. That's bad...)

There's also sites like Guerrilla Mail for a sort of "one-time pad" expiring email address.

With all this "security" talk, it reminds me of how sad it is that it seems governments and large commercial concerns are doing all they can to collect and reveal personal information and to prevent people from taking steps to protect their personal data. I am absolutely positive that some commercial manufacturer of IoT devices is going to require your house to "login" with all your personal information as well as every time you turned on the bathroom light. Turn it on too much and you'll get spammed on your smartphone by laxative advertising...

Nvidia now requires a login to use their "GeForce Experience" app that used to be great for updating drivers. But, no fear - You can link it with your Twitter or Facebook account for easy, convenient, no-hassles, super-duper special, reasons! (Friggin bartards) How much longer until we get Facebook Bulbs and Facebook Washing Machines?

See what my washing machine washed today! <pic> Oops, track marks in the hubbies undies, again! <Insert ad for Undie500 Super Track Mark Stain Remover>

[mrbadger]

My internet security habits actually got me into trouble with my wife, when she noticed I delete all emails, messages and such as soon as I can.

She thought I was hiding something.

Well she's sort of right, I'm hiding my comms from anyone who got into my accounts.